pax_global_header 0000666 0000000 0000000 00000000064 14600010636 0014506 g ustar 00root root 0000000 0000000 52 comment=025f2cb12c17eb9a0af92691ab44451a4522c462
dockerfiles-master/ 0000775 0000000 0000000 00000000000 14600010636 0014635 5 ustar 00root root 0000000 0000000 dockerfiles-master/.gitignore 0000664 0000000 0000000 00000000677 14600010636 0016637 0 ustar 00root root 0000000 0000000 ~*
*~
*.sw[op]
*.py[cod]
.DS_Store
__pycache__/
.vagrant/
vendor/
Thumbs.db
*.retry
.svn/
.sass-cache/
*.log
*.out
*.so
node_modules/
.npm/
nbproject/
*.ipynb
.idea/
*.egg-info/
*.[ao]
.classpath
.cache/
bower_components/
*.class
*.[ewj]ar
secring.*
.*.kate-swp
.swp.*
.directory
.Trash-*
build/
_build/
dist/
.tox/
*.pdf
*.exe
*.dll
*.gz
*.tgz
*.tar
*.rar
*.zip
*.pid
*.lock
*.env
.bundle/
!Pipfile.lock
.terraform
.terraform.*
tfplan
*.tfstate*
dockerfiles-master/.gitlab-ci.yml 0000664 0000000 0000000 00000007630 14600010636 0017277 0 ustar 00root root 0000000 0000000 ---
# Shared job templates (.container-build, .container-push, pre-commit, notify)
# come from another project.
# NOTE(review): no `ref:` is given, so these includes follow that project's
# default branch; a change there changes what these jobs run. Pinning `ref:`
# to a tag or commit would make the pipeline reproducible.
include:
  - project: shore/ci-stuff
    file: templates/pre-commit.yml
  - project: shore/ci-stuff
    file: templates/notify.yml
  - project: shore/ci-stuff
    file: templates/containerfiles.yml

# Base image templates:
stages:
  - build-base
  - deploy-base
  - build
  - deploy

# Base images are built and pushed in earlier stages, ahead of the remaining
# images.
.container-build-base:
  extends: .container-build
  stage: build-base

.container-push-base:
  extends: .container-push
  stage: deploy-base

# cgit image:
build-cgit:
  extends: .container-build
  variables:
    CONTEXT: cgit

push-cgit:
  extends: .container-push
  variables:
    CONTEXT: cgit
    IMAGE: cgit
  needs:
    - job: build-cgit
      artifacts: true

# httpd latest image:
build-httpd:
  extends: .container-build-base
  variables:
    CONTEXT: httpd/bookworm

push-httpd:
  extends: .container-push-base
  variables:
    CONTEXT: httpd/bookworm
    IMAGE: httpd
  needs:
    - job: build-httpd
      artifacts: true

# httpd bookworm image:
push-httpd-bookworm:
  extends: .container-push-base
  variables:
    CONTEXT: httpd/bookworm
    IMAGE: httpd
    TAG: bookworm
  needs:
    - job: build-httpd
      artifacts: true

# httpd bullseye image:
build-httpd-bullseye:
  extends: .container-build-base
  variables:
    CONTEXT: httpd/bullseye

push-httpd-bullseye:
  extends: .container-push-base
  variables:
    CONTEXT: httpd/bullseye
    IMAGE: httpd
    TAG: bullseye
  needs:
    - job: build-httpd-bullseye
      artifacts: true

# httpd buster image:
build-httpd-buster:
  extends: .container-build-base
  variables:
    CONTEXT: httpd/buster

# NOTE(review): the other httpd push jobs extend .container-push-base; this one
# extends .container-push and so runs in a different stage. Confirm that this
# is intended.
push-httpd-buster:
  extends: .container-push
  variables:
    CONTEXT: httpd/buster
    IMAGE: httpd
    TAG: buster
  needs:
    - job: build-httpd-buster
      artifacts: true

# sshd image:
build-sshd:
  extends: .container-build
  variables:
    CONTEXT: sshd
    DOCKER_BUILDKIT: ""

push-sshd:
  extends: .container-push
  variables:
    CONTEXT: sshd
    IMAGE: sshd
  needs:
    - job: build-sshd
      artifacts: true

# crond image:
build-crond:
  extends: .container-build-base
  variables:
    CONTEXT: crond

push-crond:
  extends: .container-push-base
  variables:
    CONTEXT: crond
    IMAGE: cron
  needs:
    - job: build-crond
      artifacts: true

# sleep image:
build-sleep:
  extends: .container-build
  variables:
    CONTEXT: sleep

push-sleep:
  extends: .container-push
  variables:
    CONTEXT: sleep
    IMAGE: sleep
  needs:
    - job: build-sleep
      artifacts: true

# webdav image:
build-webdav:
  extends: .container-build
  variables:
    CONTEXT: webdav

push-webdav:
  extends: .container-push
  variables:
    CONTEXT: webdav
    IMAGE: webdav
  needs:
    - job: build-webdav
      artifacts: true

# nginx image:
build-nginx:
  extends: .container-build-base
  variables:
    CONTEXT: nginx

push-nginx:
  extends: .container-push-base
  variables:
    CONTEXT: nginx
    IMAGE: nginx
  needs:
    - job: build-nginx
      artifacts: true

# youtube-dl image:
build-youtube-dl:
  extends: .container-build
  variables:
    CONTEXT: youtube-dl

push-youtube-dl:
  extends: .container-push
  variables:
    CONTEXT: youtube-dl
    IMAGE: youtube-dl
  needs:
    - job: build-youtube-dl
      artifacts: true

# postgres image:
build-postgres:
  extends: .container-build
  variables:
    CONTEXT: postgres

push-postgres:
  extends: .container-push
  variables:
    CONTEXT: postgres
    IMAGE: postgres
  needs:
    - job: build-postgres
      artifacts: true

# toolbx latest image:
build-toolbx:
  extends: .container-build-base
  variables:
    CONTEXT: toolbx

push-toolbx:
  extends: .container-push-base
  variables:
    CONTEXT: toolbx
    IMAGE: toolbx
  needs:
    - job: build-toolbx
      artifacts: true

# workbench image:
build-workbench:
  extends: .container-build
  variables:
    CONTEXT: workbench

push-workbench:
  extends: .container-push
  variables:
    CONTEXT: workbench
    IMAGE: workbench
  needs:
    - job: build-workbench
      artifacts: true
dockerfiles-master/.pre-commit-config.yaml 0000664 0000000 0000000 00000003337 14600010636 0021124 0 ustar 00root root 0000000 0000000 ---
# pre-commit hooks run on every commit and in CI.
# NOTE(review): every `rev` below is a tag, and tags can be moved upstream.
# Pinning each `rev` to a full commit SHA (for example with
# `pre-commit autoupdate --freeze`) keeps the executed hook code immutable.
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks.git
    rev: v4.0.1
    hooks:
      - id: check-added-large-files
      - id: check-executables-have-shebangs
      - id: check-json
      - id: check-merge-conflict
      - id: check-shebang-scripts-are-executable
      - id: check-symlinks
      - id: check-toml
      - id: check-xml
      - id: check-yaml
      - id: detect-private-key
      - id: end-of-file-fixer
      - id: trailing-whitespace
        exclude: \.diff$

  - repo: https://github.com/codespell-project/codespell.git
    rev: v2.1.0
    hooks:
      - id: codespell

  # Secret scanning, in addition to detect-private-key above.
  - repo: https://github.com/Yelp/detect-secrets.git
    rev: v1.1.0
    hooks:
      - id: detect-secrets

  - repo: https://github.com/amperser/proselint.git
    rev: 0.10.2
    hooks:
      - id: proselint
        types: [plain-text]
        exclude: LICENSE|youtube-dl

  - repo: https://gitlab.com/devopshq/gitlab-ci-linter.git
    rev: v1.0.2
    hooks:
      - id: gitlab-ci-linter
        args:
          - "--server"
          - https://git.shore.co.il

  - repo: https://git.shore.co.il/nimrod/yamltool.git
    rev: v0.1.2
    hooks:
      - id: yamltool

  - repo: https://github.com/adrienverge/yamllint.git
    rev: v1.26.3
    hooks:
      - id: yamllint

  - repo: https://github.com/executablebooks/mdformat.git
    rev: 0.7.10
    hooks:
      - id: mdformat

  - repo: https://github.com/shellcheck-py/shellcheck-py.git
    rev: v0.7.2.1
    hooks:
      - id: shellcheck

  - repo: https://git.shore.co.il/nimrod/pre-commit-hooks.git
    rev: v0.2.0
    hooks:
      - id: shell-validate
        exclude: postgres/healthcheck

  # Dockerfile linting; individual rules are silenced inline in the Dockerfiles.
  - repo: https://github.com/AleksaC/hadolint-py.git
    rev: v2.12.0.2
    hooks:
      - id: hadolint
dockerfiles-master/LICENSE.txt 0000664 0000000 0000000 00000002054 14600010636 0016461 0 ustar 00root root 0000000 0000000 MIT License
Copyright (c) 2021 Adar Nimrod
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
dockerfiles-master/README.md 0000664 0000000 0000000 00000001054 14600010636 0016114 0 ustar 00root root 0000000 0000000 # Dockerfiles
[![pipeline status](https://git.shore.co.il/shore/dockerfiles/badges/master/pipeline.svg)](https://git.shore.co.il/shore/dockerfiles/-/commits/master)
Various dockerfiles.
## License
This software is licensed under the MIT license (see `LICENSE.txt`).
## Author Information
Nimrod Adar, [contact me](mailto:nimrod@shore.co.il) or visit my
[website](https://www.shore.co.il/). Patches are welcome via
[`git send-email`](http://git-scm.com/book/en/v2/Git-Commands-Email). The repository
is located at: <https://git.shore.co.il/shore/dockerfiles>.
dockerfiles-master/cgit/ 0000775 0000000 0000000 00000000000 14600010636 0015563 5 ustar 00root root 0000000 0000000 dockerfiles-master/cgit/.dockerignore 0000664 0000000 0000000 00000000026 14600010636 0020235 0 ustar 00root root 0000000 0000000 *
!cgitrc
!patch.diff
dockerfiles-master/cgit/Dockerfile 0000664 0000000 0000000 00000001050 14600010636 0017551 0 ustar 00root root 0000000 0000000 # hadolint ignore=DL3006
FROM registry.shore.co.il/httpd:bookworm
# Package installation and Apache module changes need root; the image drops
# back to the unprivileged www-data user on the last line.
USER root
# Install cgit and the tools presumably used by its about/source filters
# (groff, docutils, markdown, pygments), enable CGI and the packaged cgit
# Apache config, and create the cache directory owned by the runtime user.
# Package versions are not pinned (DL3008 is silenced), so a rebuild picks up
# whatever the distribution repositories ship at that time.
# hadolint ignore=DL3008,DL3015
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y \
cgit \
groff-base \
python3-docutils \
python3-markdown \
python3-pygments \
&& \
a2enmod cgid && \
a2enconf cgit && \
install -d -o www-data -g www-data -m 755 /var/cache/cgit && \
rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
# The configuration is owned by root, so the www-data process cannot rewrite it.
COPY --chown=root:root cgitrc /etc/
# Serve as a non-root user.
USER www-data
dockerfiles-master/cgit/README.md 0000664 0000000 0000000 00000000674 14600010636 0017051 0 ustar 00root root 0000000 0000000 # cgit
cgit container image.
## Usage
This container runs Apache that is configured with cgit at `/cgit`. It exposes
port 80 and serves the repositories under `/srv/git`. The container runs as
a limited user (`www-data`), so make sure to have the content of `/srv/git`
readable by it. Also, if you wish to persist the cache, the location is
`/var/cache/cgit`.
## Example
```
docker run -v '/srv/git:/srv/git:ro' -p '80:80' adarnimrod/cgit
```
dockerfiles-master/cgit/cgitrc 0000664 0000000 0000000 00000001533 14600010636 0016763 0 ustar 00root root 0000000 0000000 #
# cgit config
# see cgitrc(5) for details
about-filter=/usr/lib/cgit/filters/about-formatting.sh
cache-size=2000
css=/cgit-css/cgit.css
enable-git-config=1
favicon=/cgit-css/favicon.ico
logo=/cgit-css/cgit.png
readme=:README.md
readme=:readme.md
readme=:README.mkd
readme=:readme.mkd
readme=:README.rst
readme=:readme.rst
readme=:README.html
readme=:readme.html
readme=:README.htm
readme=:readme.htm
readme=:README.txt
readme=:readme.txt
readme=:README
readme=:readme
readme=:INSTALL.md
readme=:install.md
readme=:INSTALL.mkd
readme=:install.mkd
readme=:INSTALL.rst
readme=:install.rst
readme=:INSTALL.html
readme=:install.html
readme=:INSTALL.htm
readme=:install.htm
readme=:INSTALL.txt
readme=:install.txt
readme=:INSTALL
readme=:install
remove-suffix=1
source-filter=/usr/lib/cgit/filters/syntax-highlighting.py
# Needs to be last.
scan-path=/srv/git/
dockerfiles-master/crond/ 0000775 0000000 0000000 00000000000 14600010636 0015742 5 ustar 00root root 0000000 0000000 dockerfiles-master/crond/.dockerignore 0000664 0000000 0000000 00000000002 14600010636 0020406 0 ustar 00root root 0000000 0000000 *
dockerfiles-master/crond/Dockerfile 0000664 0000000 0000000 00000001331 14600010636 0017732 0 ustar 00root root 0000000 0000000 FROM alpine:3.18 as downloader
# Release asset to download. The URL fixes both the version and the
# architecture (linux-amd64).
ARG URL=https://github.com/aptible/supercronic/releases/download/v0.2.25/supercronic-linux-amd64
# Expected digest of the asset, verified below before the binary is installed.
# NOTE(review): SHA-1 is no longer collision-resistant. If upstream publishes a
# SHA-256 digest for this release, checking it with sha256sum would be a
# stronger integrity control.
ARG SHA1SUM=642f4f5a2b67f3400b5ea71ff24f18c0a7d77d49
WORKDIR /tmp
# Download, verify the checksum (the && chain stops on a mismatch), install the
# binary and create an empty crontab for the final stage.
RUN wget -q $URL && \
echo "$SHA1SUM supercronic-linux-amd64" > sha1.sum && \
sha1sum -c sha1.sum && \
install -m 755 supercronic-linux-amd64 /usr/local/bin/supercronic && \
touch /crontab
# Final stage: only the verified binary and the empty crontab are copied over.
FROM alpine:3.18
COPY --from=downloader /usr/local/bin/supercronic /usr/local/bin/supercronic
COPY --from=downloader /crontab /crontab
WORKDIR /tmp
# Run the scheduler, and therefore every job, as an unprivileged user.
USER nobody
CMD [ "supercronic", "/crontab" ]
HEALTHCHECK CMD pgrep supercronic
# Fail the build if the crontab does not validate.
RUN supercronic -test /crontab
# Triggers for images built FROM this one: copy their crontab and validate it
# at build time.
ONBUILD COPY crontab /crontab
ONBUILD RUN supercronic -test /crontab
dockerfiles-master/crond/README.md 0000664 0000000 0000000 00000001464 14600010636 0017226 0 ustar 00root root 0000000 0000000 # Cron docker
A Docker image for running a Cron daemon, actually running
[Supercronic](https://github.com/aptible/supercronic).
## Usage
There are two possible usage patterns for this image. The first is using it in a
multi-stage image build as the source of the `supercronic` binary to incorporate
in your own image like so:
```
FROM registry.shore.co.il/cron as supercronic
FROM alpine:latest
COPY --from=supercronic /usr/local/bin/supercronic /usr/local/bin/
```
The other pattern is building on top of this image to run some periodic tasks.
The `ONBUILD` commands will copy the crontab file and validate it. Just copy
whatever scripts and install whatever packages you need, like so:
```
FROM registry.shore.co.il/cron
COPY script /usr/local/bin/
USER root
RUN apk add --update --no-cache aws-cli
USER nobody
```
dockerfiles-master/httpd/ 0000775 0000000 0000000 00000000000 14600010636 0015760 5 ustar 00root root 0000000 0000000 dockerfiles-master/httpd/bookworm/ 0000775 0000000 0000000 00000000000 14600010636 0017617 5 ustar 00root root 0000000 0000000 dockerfiles-master/httpd/bookworm/.dockerignore 0000664 0000000 0000000 00000000002 14600010636 0022263 0 ustar 00root root 0000000 0000000 *
dockerfiles-master/httpd/bookworm/Dockerfile 0000664 0000000 0000000 00000002504 14600010636 0021612 0 ustar 00root root 0000000 0000000 FROM registry.hub.docker.com/library/debian:bookworm-slim
# Runtime settings for Apache, defined in the image because the server is
# started directly (see CMD) rather than through a wrapper script.
ENV APACHE_RUN_DIR=/run/apache2 \
APACHE_LOCK_DIR=/var/lock/apache2 \
APACHE_LOG_DIR=/var/log/apache2 \
APACHE_RUN_USER=www-data \
APACHE_RUN_GROUP=www-data \
APACHE_PID_FILE=/run/apache2/apache2.pid
# Install Apache and wget (used by the HEALTHCHECK), then:
#  - grant the apache2 binary CAP_NET_BIND_SERVICE so the unprivileged runtime
#    user can bind port 80, and purge libcap2-bin again;
#  - enable mod_status, which the HEALTHCHECK queries at /server-status;
#  - create the run, lock and log directories owned by the runtime user;
#  - link the log files to the container's stdout/stderr.
# NOTE(review): /server-status exposes request and worker details. Confirm the
# enabled status configuration keeps it limited to local requests.
# hadolint ignore=DL3008,DL3015
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y \
apache2 \
libcap2-bin \
wget \
&& \
setcap CAP_NET_BIND_SERVICE=+ep /usr/sbin/apache2 && \
DEBIAN_FRONTEND=noninteractive apt-get purge --auto-remove -y libcap2-bin && \
a2enmod status && \
install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_RUN_DIR" && \
install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_LOCK_DIR" && \
install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_LOG_DIR" && \
ln -sf /dev/stdout "$APACHE_LOG_DIR/access.log" && \
ln -sf /dev/stderr "$APACHE_LOG_DIR/error.log" && \
ln -sf /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log" && \
rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
# Fail the build if the configuration does not parse.
RUN apache2 -t
EXPOSE 80
CMD [ "apache2", "-DFOREGROUND" ]
# Serve as a non-root user; binding port 80 works because of the file
# capability set above.
USER "www-data"
WORKDIR /var/www
HEALTHCHECK CMD wget --spider --quiet http://localhost/server-status --user-agent 'Healthcheck' || exit 1
dockerfiles-master/httpd/bullseye/ 0000775 0000000 0000000 00000000000 14600010636 0017604 5 ustar 00root root 0000000 0000000 dockerfiles-master/httpd/bullseye/.dockerignore 0000664 0000000 0000000 00000000002 14600010636 0022250 0 ustar 00root root 0000000 0000000 *
dockerfiles-master/httpd/bullseye/Dockerfile 0000664 0000000 0000000 00000002504 14600010636 0021577 0 ustar 00root root 0000000 0000000 FROM registry.hub.docker.com/library/debian:bullseye-slim
# Runtime settings for Apache, defined in the image because the server is
# started directly (see CMD) rather than through a wrapper script.
ENV APACHE_RUN_DIR=/run/apache2 \
APACHE_LOCK_DIR=/var/lock/apache2 \
APACHE_LOG_DIR=/var/log/apache2 \
APACHE_RUN_USER=www-data \
APACHE_RUN_GROUP=www-data \
APACHE_PID_FILE=/run/apache2/apache2.pid
# Install Apache and wget (used by the HEALTHCHECK), then:
#  - grant the apache2 binary CAP_NET_BIND_SERVICE so the unprivileged runtime
#    user can bind port 80, and purge libcap2-bin again;
#  - enable mod_status, which the HEALTHCHECK queries at /server-status;
#  - create the run, lock and log directories owned by the runtime user;
#  - link the log files to the container's stdout/stderr.
# NOTE(review): /server-status exposes request and worker details. Confirm the
# enabled status configuration keeps it limited to local requests.
# hadolint ignore=DL3008,DL3015
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y \
apache2 \
libcap2-bin \
wget \
&& \
setcap CAP_NET_BIND_SERVICE=+ep /usr/sbin/apache2 && \
DEBIAN_FRONTEND=noninteractive apt-get purge --auto-remove -y libcap2-bin && \
a2enmod status && \
install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_RUN_DIR" && \
install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_LOCK_DIR" && \
install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_LOG_DIR" && \
ln -sf /dev/stdout "$APACHE_LOG_DIR/access.log" && \
ln -sf /dev/stderr "$APACHE_LOG_DIR/error.log" && \
ln -sf /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log" && \
rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
# Fail the build if the configuration does not parse.
RUN apache2 -t
EXPOSE 80
CMD [ "apache2", "-DFOREGROUND" ]
# Serve as a non-root user; binding port 80 works because of the file
# capability set above.
USER "www-data"
WORKDIR /var/www
HEALTHCHECK CMD wget --spider --quiet http://localhost/server-status --user-agent 'Healthcheck' || exit 1
dockerfiles-master/httpd/buster/ 0000775 0000000 0000000 00000000000 14600010636 0017264 5 ustar 00root root 0000000 0000000 dockerfiles-master/httpd/buster/.dockerignore 0000664 0000000 0000000 00000000002 14600010636 0021730 0 ustar 00root root 0000000 0000000 *
dockerfiles-master/httpd/buster/Dockerfile 0000664 0000000 0000000 00000002502 14600010636 0021255 0 ustar 00root root 0000000 0000000 FROM registry.hub.docker.com/library/debian:buster-slim
# Runtime settings for Apache, defined in the image because the server is
# started directly (see CMD) rather than through a wrapper script.
# NOTE(review): confirm the buster base image still receives security updates
# before publishing images built from it.
ENV APACHE_RUN_DIR=/run/apache2 \
APACHE_LOCK_DIR=/var/lock/apache2 \
APACHE_LOG_DIR=/var/log/apache2 \
APACHE_RUN_USER=www-data \
APACHE_RUN_GROUP=www-data \
APACHE_PID_FILE=/run/apache2/apache2.pid
# Install Apache and wget (used by the HEALTHCHECK), then:
#  - grant the apache2 binary CAP_NET_BIND_SERVICE so the unprivileged runtime
#    user can bind port 80, and purge libcap2-bin again;
#  - enable mod_status, which the HEALTHCHECK queries at /server-status;
#  - create the run, lock and log directories owned by the runtime user;
#  - link the log files to the container's stdout/stderr.
# NOTE(review): /server-status exposes request and worker details. Confirm the
# enabled status configuration keeps it limited to local requests.
# hadolint ignore=DL3008,DL3015
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y \
apache2 \
libcap2-bin \
wget \
&& \
setcap CAP_NET_BIND_SERVICE=+ep /usr/sbin/apache2 && \
DEBIAN_FRONTEND=noninteractive apt-get purge --auto-remove -y libcap2-bin && \
a2enmod status && \
install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_RUN_DIR" && \
install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_LOCK_DIR" && \
install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_LOG_DIR" && \
ln -sf /dev/stdout "$APACHE_LOG_DIR/access.log" && \
ln -sf /dev/stderr "$APACHE_LOG_DIR/error.log" && \
ln -sf /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log" && \
rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
# Fail the build if the configuration does not parse.
RUN apache2 -t
EXPOSE 80
CMD [ "apache2", "-DFOREGROUND" ]
# Serve as a non-root user; binding port 80 works because of the file
# capability set above.
USER "www-data"
WORKDIR /var/www
HEALTHCHECK CMD wget --spider --quiet http://localhost/server-status --user-agent 'Healthcheck' || exit 1
dockerfiles-master/nginx/ 0000775 0000000 0000000 00000000000 14600010636 0015760 5 ustar 00root root 0000000 0000000 dockerfiles-master/nginx/.dockerignore 0000664 0000000 0000000 00000000034 14600010636 0020431 0 ustar 00root root 0000000 0000000 *
!conf.d/
!www/
!snippets/
dockerfiles-master/nginx/Dockerfile 0000664 0000000 0000000 00000002226 14600010636 0017754 0 ustar 00root root 0000000 0000000 FROM docker.io/nginx:1.25.3-alpine
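# Prepare the image as root: clear the stock configuration, fetch the OCSP
# trust chain and the DH parameters, create the directories the configuration
# uses, generate a self-signed certificate and let the unprivileged nginx user
# bind low ports through a file capability.
#
# Both downloads use `curl --fail`, so an HTTP error stops the build instead of
# saving the error page as ocsp.pem or dhparams.
#
# NOTE(review): `chmod 777 /run` leaves /run world-writable without the sticky
# bit; a directory owned by the nginx user (or mode 1777) would be tighter.
# NOTE(review): the key pair is generated at build time with -nodes, so the
# same unencrypted private key ships in every copy of the image. Treat it as a
# placeholder and supply real certificates under /var/ssl at runtime.
# hadolint ignore=DL3018
RUN rm -rf /etc/nginx/conf.d/* && \
    chmod 777 /run && \
    apk add --no-cache --update libcap openssl && \
    curl --fail https://letsencrypt.org/certs/isrg-root-ocsp-x1.pem.txt > /etc/ssl/ocsp.pem && \
    mkdir /var/ssl && \
    curl --fail https://ssl-config.mozilla.org/ffdhe2048.txt > /var/ssl/dhparams && \
    chmod 644 /var/ssl/dhparams && \
    install -d -m 755 -o root -g root /etc/nginx/snippets && \
    install -d -m 755 -o root -g root /var/ssl && \
    install -d -m 755 -o root -g root /var/www && \
    install -d -m 700 -o nginx -g nginx /var/cache/nginx && \
    openssl req -x509 \
        -newkey rsa:4096 \
        -keyout /var/ssl/site.key \
        -nodes \
        -out /var/ssl/site.crt \
        -batch && \
    setcap CAP_NET_BIND_SERVICE=+ep "$(command -v nginx)" && \
    chown nginx /var/ssl/site.*
# Configuration stays owned by root so the nginx worker user cannot modify it.
COPY --chown=root:root conf.d/ /etc/nginx/conf.d/
COPY --chown=root:root snippets/ /etc/nginx/snippets/
# Run as the unprivileged nginx user from here on.
USER nginx
# Fail the build if the shipped configuration does not parse.
RUN nginx -t
# The "status" virtual host serves stub_status; the check selects it with the
# Host header.
HEALTHCHECK CMD curl --fail --verbose --user-agent 'Docker health check' --header "Host: status" http://localhost/ || exit 1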
dockerfiles-master/nginx/README.md 0000664 0000000 0000000 00000000060 14600010636 0017233 0 ustar 00root root 0000000 0000000 # Nginx
My tweaked version of the Nginx image.
dockerfiles-master/nginx/conf.d/ 0000775 0000000 0000000 00000000000 14600010636 0017127 5 ustar 00root root 0000000 0000000 dockerfiles-master/nginx/conf.d/default.conf 0000664 0000000 0000000 00000000703 14600010636 0021422 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
server {
listen 80 default_server;
listen [::]:80 default_server;
include snippets/www-acme-challenge.conf;
location / { return 301 https://www.shore.co.il$request_uri; }
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
http2 on;
include snippets/ssl-legacy.conf;
location / { return 301 https://www.shore.co.il$request_uri; }
}
dockerfiles-master/nginx/conf.d/global.conf 0000664 0000000 0000000 00000001105 14600010636 0021233 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
# The resolver for the Docker network.
resolver 127.0.0.11 valid=30s;
gzip on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
include snippets/common-headers.conf;
# Validate proxied SSL connections.
proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
proxy_ssl_verify on;
proxy_ssl_verify_depth 4;
# For proxying /validate on different hosts to Vouch.
map $host $vouch { default vouch; }
dockerfiles-master/nginx/conf.d/status.conf 0000664 0000000 0000000 00000000272 14600010636 0021322 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
# Status virtual host, selected by `Host: status` (the image's HEALTHCHECK
# sends that header). It serves stub_status at exactly `/`.
server {
listen 80;
listen [::]:80;
server_name status;
location = / { stub_status; }
# Access control for the whole server block: the snippet allows IPv4 loopback
# and private ranges and denies everything else.
# NOTE(review): the block also listens on IPv6, but the snippet has no IPv6
# allow entry, so IPv6 clients (including ::1) are denied.
include snippets/allow-private-ips.conf;
}
dockerfiles-master/nginx/snippets/ 0000775 0000000 0000000 00000000000 14600010636 0017625 5 ustar 00root root 0000000 0000000 dockerfiles-master/nginx/snippets/ads-txt.conf 0000664 0000000 0000000 00000000412 14600010636 0022055 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
location = /ads.txt {
if ($scheme = http) {
return 301 https://$host$request_uri;
}
if ($scheme = https) {
add_header Content-Type "text/plain; charset=utf-8";
return 200 "contact=webmaster@shore.co.il\n";
}
}
dockerfiles-master/nginx/snippets/allow-ns1.conf 0000664 0000000 0000000 00000000073 14600010636 0022311 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
allow 62.219.131.121; # ns1.shore.co.il
dockerfiles-master/nginx/snippets/allow-ns4.conf 0000664 0000000 0000000 00000000072 14600010636 0022313 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
allow 163.172.74.36; # ns4.shore.co.il
dockerfiles-master/nginx/snippets/allow-private-ips.conf 0000664 0000000 0000000 00000000152 14600010636 0024051 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
# Allow IPv4 loopback and the RFC 1918 private ranges, deny everything else.
# The trailing `deny all` ends the access list, so allow rules included after
# this snippet at the same level have no effect.
# NOTE(review): there are no IPv6 entries; IPv6 clients always fall through to
# `deny all`.
allow 127.0.0.0/8;
allow 10.0.0.0/8;
allow 192.168.0.0/16;
allow 172.16.0.0/12;
deny all;
dockerfiles-master/nginx/snippets/allow-shore-ips.conf 0000664 0000000 0000000 00000000173 14600010636 0023522 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
include snippets/allow-ns1.conf;
include snippets/allow-ns4.conf;
include snippets/allow-private-ips.conf;
dockerfiles-master/nginx/snippets/common-headers.conf 0000664 0000000 0000000 00000000571 14600010636 0023400 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
# add_headers are inherited from previous level if and only if there are no
# add_header directives defined on the current level. So any time there's an
# add_header directive there should be an `include snippets/common-headers.conf`
# directive as well.
add_header X-Frame-Options SAMEORIGIN always;
add_header Permissions-Policy interest-cohort=();
dockerfiles-master/nginx/snippets/ldap-auth.conf 0000664 0000000 0000000 00000000605 14600010636 0022354 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
auth_request /validate;
location = /validate {
proxy_pass https://auth.shore.co.il/validate;
proxy_http_version 1.1;
include snippets/proxy-ssl.conf;
proxy_ssl_name auth.shore.co.il;
internal;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
dockerfiles-master/nginx/snippets/matrix-well-known.conf 0000664 0000000 0000000 00000000167 14600010636 0024077 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
location = /.well-known/matrix/server {
return 200 "{\"m.server\": \"matrix.shore.co.il:443\"}";
}
dockerfiles-master/nginx/snippets/proxy-headers.conf 0000664 0000000 0000000 00000000574 14600010636 0023274 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
# Pass the original host, scheme and client address to the upstream.
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
# NOTE(review): $proxy_add_x_forwarded_for appends the client address to
# whatever X-Forwarded-For the client sent. Upstreams should trust only the
# last entry (or X-Real-IP below), never the first.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# Drop transport-security headers set by the upstream so they are not passed
# on to the client.
proxy_hide_header Strict-Transport-Security;
proxy_hide_header Public-Key-Pins;
proxy_hide_header Public-Key-Pins-Report-Only;
dockerfiles-master/nginx/snippets/proxy-ssl.conf 0000664 0000000 0000000 00000000307 14600010636 0022454 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
proxy_ssl_verify on;
proxy_ssl_verify_depth 3;
proxy_ssl_server_name on;
proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
dockerfiles-master/nginx/snippets/redirect-https.conf 0000664 0000000 0000000 00000000110 14600010636 0023425 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
location / { return 301 https://$host$request_uri; }
dockerfiles-master/nginx/snippets/redirect-www.conf 0000664 0000000 0000000 00000000114 14600010636 0023113 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
location / { return 301 https://www.$host$request_uri; }
dockerfiles-master/nginx/snippets/robots-allow-all.conf 0000664 0000000 0000000 00000000221 14600010636 0023661 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
location = /robots.txt {
add_header Content-Type "text/plain; charset=utf-8";
return 200 "User-agent: *\nDisallow:\n";
}
dockerfiles-master/nginx/snippets/robots-disallow-all.conf 0000664 0000000 0000000 00000000223 14600010636 0024363 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
location = /robots.txt {
add_header Content-Type "text/plain; charset=utf-8";
return 200 "User-agent: *\nDisallow: *\n";
}
dockerfiles-master/nginx/snippets/security-txt.conf 0000664 0000000 0000000 00000000534 14600010636 0023162 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
location = /.well-known/security.txt {
if ($scheme = http) {
return 301 https://$host$request_uri;
}
if ($scheme = https) {
add_header Content-Type "text/plain; charset=utf-8";
return 200 "Contact: mailto:security@shore.co.il\nEncryption: https://www.shore.co.il/blog/static/nimrod.asc";
}
}
dockerfiles-master/nginx/snippets/ssl-common.conf 0000664 0000000 0000000 00000001206 14600010636 0022562 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
# TLS settings shared by the legacy and modern profiles.
# NOTE(review): without the `always` parameter nginx adds a header only to a
# fixed set of success and redirect status codes, so error responses are sent
# without HSTS.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
# NOTE(review): Expect-CT is deprecated and current browsers ignore it.
add_header Expect-CT "max-age=86400, enforce, report-uri=\"https://www.shore.co.il/about\"";
include snippets/common-headers.conf;
# Certificate, key and DH parameters are read from /var/ssl.
ssl_certificate /var/ssl/site.crt;
ssl_certificate_key /var/ssl/site.key;
ssl_dhparam /var/ssl/dhparams;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
# OCSP stapling, verified against the chain in /etc/ssl/ocsp.pem.
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/ocsp.pem;
dockerfiles-master/nginx/snippets/ssl-legacy.conf 0000664 0000000 0000000 00000000412 14600010636 0022534 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
# Compatibility TLS profile.
include snippets/ssl-common.conf;
# NOTE(review): TLSv1 and TLSv1.1 are formally deprecated (RFC 8996). Use this
# profile only where clients cannot negotiate TLSv1.2 or later; otherwise
# prefer the modern profile.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
# The trailing `+SHA1` moves SHA-1 suites to the end of the preference list
# rather than removing them.
ssl_ciphers !AESCCM:!kRSA:!3DES:!RC4:!DES:!MD5:!aNULL:!NULL:AESGCM+ECDH:ECDH+CHACHA20:AES256+ECDH:AES128:CHACHA20:+SHA1;
dockerfiles-master/nginx/snippets/ssl-modern.conf 0000664 0000000 0000000 00000000302 14600010636 0022552 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
include snippets/ssl-common.conf;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!NULL:!AES128:!ARIA128:!CAMELLIA:!SHA1:!kRSA;
dockerfiles-master/nginx/snippets/upgrade-secure.conf 0000664 0000000 0000000 00000000143 14600010636 0023405 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
# Redirect to HTTPS when the client sends `Upgrade-Insecure-Requests: 1`.
# NOTE(review): nginx derives $http_* variable names from the lower-cased
# header name with dashes replaced by underscores, and a variable name ends at
# the first `-`. As written this reads `$http_Upgrade` followed by literal
# text, so the comparison presumably never matches; the intended variable looks
# like `$http_upgrade_insecure_requests`. Check where this snippet is included
# before changing it: browsers also send the header over HTTPS, and a matching
# condition inside an HTTPS server would redirect in a loop.
if ($http_Upgrade-Insecure-Requests = 1) { return 301 https://$host$request_uri; }
dockerfiles-master/nginx/snippets/vouch.conf 0000664 0000000 0000000 00000002440 14600010636 0021620 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
# send all requests to the `/validate` endpoint for authorization
auth_request /validate;
location = /validate {
# forward the /validate request to Vouch Proxy
# NOTE(review): this hop is plain HTTP to the host named by $vouch, so it
# relies on the network between nginx and Vouch being trusted.
proxy_pass http://$vouch:9090/validate;
proxy_http_version 1.1;
# `internal` keeps clients from requesting /validate directly.
internal;
include snippets/proxy-headers.conf;
# Vouch Proxy only acts on the request headers
proxy_pass_request_body off;
proxy_set_header Content-Length "";
# optionally add X-Vouch-User as returned by Vouch Proxy along with the request
auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;
# these return values are used by the @error401 call
auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
}
# if validate returns `401 not authorized` then forward the request to the error401block
error_page 401 = @error401;
location @error401 {
# redirect to Vouch Proxy for login
# NOTE(review): the `url` parameter is built from the client-supplied Host
# header ($http_host); confirm the login service only redirects back to
# allowed domains. The token value also travels in the query string, where it
# can end up in access logs and browser history.
return 302 https://vouch.shore.co.il/login?url=$scheme://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err;
}
dockerfiles-master/nginx/snippets/websockets.conf 0000664 0000000 0000000 00000000201 14600010636 0022636 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 36000s;
dockerfiles-master/nginx/snippets/www-acme-challenge.conf 0000664 0000000 0000000 00000000131 14600010636 0024136 0 ustar 00root root 0000000 0000000 # vim: ft=nginx
location /.well-known/acme-challenge/ { root /var/www/www.shore.co.il; }
dockerfiles-master/postgres/ 0000775 0000000 0000000 00000000000 14600010636 0016503 5 ustar 00root root 0000000 0000000 dockerfiles-master/postgres/Dockerfile 0000664 0000000 0000000 00000000230 14600010636 0020470 0 ustar 00root root 0000000 0000000 FROM docker.io/postgres:16.1-alpine3.19
COPY --chown=root:root healthcheck backup restore /usr/local/bin/
HEALTHCHECK --start-period=3m CMD healthcheck
dockerfiles-master/postgres/README.md 0000664 0000000 0000000 00000001337 14600010636 0017766 0 ustar 00root root 0000000 0000000 # postgres
Just the upstream image but with a healthcheck.
## Backups
The image includes `backup` and `restore` scripts. The `backup` script dumps
all of the databases using `pg_dumpall` and compresses the output using `zstd`
to stdout. Backups are meant to be run by an external process that saves the
output to a file (restrict access to that file, since `pg_dumpall` also dumps
role definitions), for example:
```
docker exec pg1 backup > /var/backups/pg1/dump.sql.zstd
```
The `restore` script matches the `backup` script in that it reads a
zstd-compressed SQL dump from stdin. An example restore:
```
cat dump.sql.zstd | docker exec -i pg2 restore
```
In fact you're able to migrate data from 1 instance to another like so:
```
docker exec pg1 backup | docker exec -i pg2 restore
```
dockerfiles-master/postgres/backup 0000775 0000000 0000000 00000000145 14600010636 0017676 0 ustar 00root root 0000000 0000000 #!/usr/bin/env bash
# Abort on any error, on unset variables and on a failure anywhere in the
# pipeline, so a failed dump cannot pass for a successful backup.
set -o errexit -o nounset -o pipefail

# Connect as the configured database user, defaulting to "postgres".
PGUSER="${POSTGRES_USER:-postgres}"
export PGUSER

# Dump all databases and write the zstd-compressed stream to stdout.
pg_dumpall | zstd
dockerfiles-master/postgres/healthcheck 0000775 0000000 0000000 00000000731 14600010636 0020675 0 ustar 00root root 0000000 0000000 #!/usr/bin/env bash
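# Container health check: succeed only if `SELECT 1` can be run over a TCP
# connection to this container's own address.
set -eo pipefail

host="$(hostname -i || echo '127.0.0.1')"
user="${POSTGRES_USER:-postgres}"
# Fall back to the resolved user name rather than the raw POSTGRES_USER
# variable, so the database name is never empty when neither variable is set.
db="${POSTGRES_DB:-$user}"
# psql reads the password from the environment; empty when none is configured.
export PGPASSWORD="${POSTGRES_PASSWORD:-}"

args=(
    # force postgres to not use the local unix socket (test "external" connectibility)
    --host "$host"
    --username "$user"
    --dbname "$db"
    --quiet --no-align --tuples-only
)

# Healthy only when the query succeeds and returns exactly "1".
if select="$(echo 'SELECT 1' | psql "${args[@]}")" && [ "$select" = '1' ]; then
    exit 0
fi

exit 1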
dockerfiles-master/postgres/restore 0000775 0000000 0000000 00000000156 14600010636 0020116 0 ustar 00root root 0000000 0000000 #!/usr/bin/env bash
# Abort on any error, on unset variables and on a failure anywhere in the
# pipeline.
set -o errexit -o nounset -o pipefail

# Connect as the configured database user, defaulting to "postgres".
PGUSER="${POSTGRES_USER:-postgres}"
export PGUSER

# Decompress the dump from stdin and feed it to psql.
# NOTE(review): psql continues after a failed statement and still exits 0
# unless ON_ERROR_STOP is set, so review its output to confirm that the
# restore completed.
zstd --decompress - | psql
dockerfiles-master/sleep/ 0000775 0000000 0000000 00000000000 14600010636 0015745 5 ustar 00root root 0000000 0000000 dockerfiles-master/sleep/.dockerignore 0000664 0000000 0000000 00000000016 14600010636 0020416 0 ustar 00root root 0000000 0000000 *
!entrypoint
dockerfiles-master/sleep/Dockerfile 0000664 0000000 0000000 00000000234 14600010636 0017736 0 ustar 00root root 0000000 0000000 FROM alpine:3.18
# Root-owned entrypoint script, executed by the unprivileged user set below.
COPY --chown=root:root entrypoint /usr/local/bin/entrypoint
# Drop privileges: the entrypoint and the command it runs execute as `nobody`.
USER nobody
ENTRYPOINT ["entrypoint"]
# Default command; it is handed to the entrypoint as its arguments.
CMD ["sleep", "10"]
# The probe is the `true` command, so the container always reports healthy.
HEALTHCHECK CMD true
dockerfiles-master/sleep/README.md 0000664 0000000 0000000 00000000616 14600010636 0017227 0 ustar 00root root 0000000 0000000 # Sleep container image
A container image that just sleeps 10 on repeat (will output the sleep command
so you know it's running).
## Usage
For interactive use, specify `-it` so you can stop the container with Ctrl+C:
```
docker run -it --name sleep registry.shore.co.il/sleep
```
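You can also specify a more complex command. The entrypoint passes its
arguments to the shell's `eval`, so quote shell operators such as `&&` to have
them interpreted inside the container rather than by your own shell: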
```
docker run -it --name sleep registry.shore.co.il/sleep date '&&' sleep 5
```
dockerfiles-master/sleep/entrypoint 0000775 0000000 0000000 00000000072 14600010636 0020105 0 ustar 00root root 0000000 0000000 #!/bin/sh
# Run the command given as arguments over and over, printing it before each
# run so the container log shows that it is alive.
# NOTE(review): the arguments are re-parsed by `eval`, i.e. they are executed
# as shell code (this is what makes `date '&&' sleep 5` work). Only pass
# values you control.
while :
do
    echo "$@"
    eval "$@"
done
dockerfiles-master/sshd/ 0000775 0000000 0000000 00000000000 14600010636 0015576 5 ustar 00root root 0000000 0000000 dockerfiles-master/sshd/.dockerignore 0000664 0000000 0000000 00000000016 14600010636 0020247 0 ustar 00root root 0000000 0000000 *
!entrypoint
dockerfiles-master/sshd/Dockerfile 0000664 0000000 0000000 00000001514 14600010636 0017571 0 ustar 00root root 0000000 0000000 ARG BASEIMAGE=debian:testing-slim
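# The base image comes from the BASEIMAGE build argument and is not pinned to
# a digest, so the result depends on what the tag points to at build time.
# hadolint ignore=DL3006
FROM ${BASEIMAGE}
# Install the SSH server, then remove everything that must not be baked into
# the image: the host keys generated by the package install (the entrypoint
# creates fresh ones with `ssh-keygen -A`) and the packaged sshd_config, which
# is emptied so that the daemon's settings come from SSHD_ARGS below.
# hadolint ignore=DL3008
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        netcat-openbsd \
        openssh-server \
    && \
    rm -f /etc/ssh/ssh_host_* && \
    echo > /etc/ssh/sshd_config && \
    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
COPY entrypoint /entrypoint
EXPOSE 22
ENTRYPOINT ["/entrypoint"]
# Healthy once the daemon answers on port 22 with an OpenSSH banner.
HEALTHCHECK --start-period=5m CMD echo | nc localhost 22 | grep -q 'SSH-2.0-OpenSSH'
# The hardening options (no root login, no password or challenge-response
# authentication) live in this variable because sshd_config is empty.
# Overriding SSHD_ARGS at run time replaces them too; put additions in
# EXTRA_SSHD_ARGS instead.
ENV SSHD_ARGS="-De -o 'PermitRootLogin no' -o 'PasswordAuthentication no' -o 'ChallengeResponseAuthentication no' -o 'PrintMotd no' -o 'PidFile none' -o 'Subsystem sftp /usr/lib/openssh/sftp-server'"
ENV EXTRA_SSHD_ARGS=""
# The variable name now matches the ENV declared above; the previous spelling
# (EXTRAS_SSHD_ARGS) referred to a variable that is never set.
# NOTE(review): Docker does not expand variables in an exec-form CMD, so these
# are passed to /entrypoint as literal strings; confirm that the entrypoint
# expands them before sshd is started.
CMD ["/usr/sbin/sshd", "$SSHD_ARGS", "$EXTRA_SSHD_ARGS"]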
dockerfiles-master/sshd/README.md 0000664 0000000 0000000 00000000043 14600010636 0017052 0 ustar 00root root 0000000 0000000 # sshd
> A dockerized SSH daemon.
dockerfiles-master/sshd/entrypoint 0000775 0000000 0000000 00000000372 14600010636 0017741 0 ustar 00root root 0000000 0000000 #!/bin/sh
# Abort on errors and unset variables; -x traces each command to stderr.
set -eux
# Generate and screen Diffie-Hellman group-exchange moduli only when the image
# does not already provide /etc/ssh/moduli.
# NOTE(review): -G and -T are the spellings used before OpenSSH 8.2 (newer
# releases use `-M generate` / `-M screen`); confirm that the ssh-keygen in the
# chosen base image still accepts them.
if [ ! -f /etc/ssh/moduli ]
then
ssh-keygen -G /etc/ssh/moduli.candidates
ssh-keygen -T /etc/ssh/moduli -f /etc/ssh/moduli.candidates
rm /etc/ssh/moduli.candidates
fi
# Create any missing host keys at container start; the image build deletes the
# ones generated during package installation, so keys are not shared between
# containers through the image.
ssh-keygen -A
mkdir -p /run/sshd
# Replace this shell with the container command.
# NOTE(review): the eval'd string is `exec "$@"`, so the arguments are handed
# to exec as they are; an argument that is the literal text `$SSHD_ARGS` does
# not appear to get a second expansion here. Verify how the default CMD is
# meant to be expanded.
eval 'exec "$@"'
dockerfiles-master/toolbx/ 0000775 0000000 0000000 00000000000 14600010636 0016144 5 ustar 00root root 0000000 0000000 dockerfiles-master/toolbx/.curlrc 0000664 0000000 0000000 00000000106 14600010636 0017434 0 ustar 00root root 0000000 0000000 --silent
--location
--fail
--show-error
--compressed
# Allow HTTPS only. This also applies to the redirects followed because of
# --location, so a download cannot be downgraded to plain HTTP.
--proto="=https"
dockerfiles-master/toolbx/.dockerignore 0000664 0000000 0000000 00000000051 14600010636 0020614 0 ustar 00root root 0000000 0000000 *
!preferences.d/*
!sources.d/*
!.curlrc
dockerfiles-master/toolbx/Dockerfile 0000664 0000000 0000000 00000005212 14600010636 0020136 0 ustar 00root root 0000000 0000000 FROM docker.io/golang:1.20 as golang
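RUN go install github.com/1player/host-spawn@1.4.2

FROM docker.io/debian:testing-backports
COPY --from=golang /go/bin/host-spawn /usr/local/bin/host-spawn
# pipefail makes the `curl ... | gpg --import` pipelines below fail the build
# when the download fails.
SHELL ["/bin/bash", "-o", "pipefail", "-xc"]
# NOTE(review): this script is downloaded at build time and made executable in
# /usr/local/sbin further down without an integrity check;
# `ADD --checksum=sha256:<digest>` would pin its content.
ADD [ "https://www.shore.co.il/blog/static/runas", "/usr/local/sbin/runas" ]
# Root's curl defaults (HTTPS only, fail on HTTP errors) for the downloads below.
COPY --chown=root:root .curlrc /root/
# Installs the base tools and imports the third-party APT signing keys into
# one keyring per repository under /usr/share/keyrings (the files named by
# Signed-By in sources.d/). The keys are trusted as downloaded over HTTPS; none
# of them is compared with a known fingerprint.
# The ClickHouse key is requested from a keyserver by its 64-bit key ID, so it
# is fetched over TLS (hkps) instead of plain HKP on port 80; requesting it by
# full fingerprint would be stricter still.
# hadolint ignore=DL3008
RUN rm /etc/apt/apt.conf.d/docker-* && \
    apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        entr \
        flatpak-xdg-utils \
        gnupg \
        gosu \
        libnss-myhostname \
        locales \
        make \
        netbase \
    && \
    export GNUPGHOME=/tmp/gnupghome && \
    mkdir --mode=0700 "$GNUPGHOME" && \
    curl https://dl.k8s.io/apt/doc/apt-key.gpg > \
        /usr/share/keyrings/google-cloud.gpg && \
    curl https://pgp.mongodb.com/server-5.0.asc | \
        gpg --no-default-keyring --import --batch --keyring /usr/share/keyrings/mongodb.gpg && \
    curl https://apt.releases.hashicorp.com/gpg | \
        gpg --no-default-keyring --import --batch --keyring /usr/share/keyrings/hashicorp.gpg && \
    curl https://dl.cloudsmith.io/public/cloudposse/packages/gpg.7333C6FDEFA717CC.key | \
        gpg --no-default-keyring --import --batch --keyring /usr/share/keyrings/cloudposse.gpg && \
    curl https://repo.charm.sh/apt/gpg.key | \
        gpg --no-default-keyring --import --batch --keyring /usr/share/keyrings/charm.gpg && \
    curl https://packages.opentofu.org/opentofu/tofu/gpgkey | \
        gpg --no-default-keyring --import --batch --keyring /usr/share/keyrings/opentofu.gpg && \
    gpg --no-default-keyring --keyring /usr/share/keyrings/clickhouse.gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 8919F6BD2B48D754 && \
    ln --symbolic --target /usr/local/bin/ /usr/libexec/flatpak-xdg-utils/* && \
    ln --symbolic /usr/local/bin/host-spawn /usr/local/bin/podman && \
    #mkdir /etc/krb5.conf.d && \
    echo 'VARIANT_ID=container' >> /etc/os-release && \
    touch /etc/localtime && \
    chmod 755 /usr/local/sbin/runas && \
    sed -i 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/; s/# en_IL UTF-8/en_IL UTF-8/; s/# he_IL.UTF-8 UTF-8/he_IL.UTF-8 UTF-8/;' /etc/locale.gen && \
    locale-gen && \
    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
COPY --chown=root:root sources.d/* /etc/apt/sources.list.d/
COPY --chown=root:root preferences.d/* /etc/apt/preferences.d/
# Testing that apt-get update works correctly.
RUN apt-get update && \
    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
LABEL com.github.containers.toolbox="true"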
dockerfiles-master/toolbx/README.md 0000664 0000000 0000000 00000001410 14600010636 0017417 0 ustar 00root root 0000000 0000000 # Toolbx
Base image for [Toolbx](https://containertoolbx.org/) images. It has the
following changes to make it more oriented towards interactive use and suitable
for Toolbox:
- Removed Docker specific settings in APT.
- Use Flatpak XDG utils and add `flatpak-spawn` as they're more useful inside a
toolbx container.
- Set the `VARIANT_ID` in `/etc/os-release`.
- Install `myhostname` nss plugin for cleaner hostname resolution.
Also, the following APT repositories are added:
- Google Cloud.
- MongoDB.
- Hashicorp.
- [Cloud Posse](https://github.com/cloudposse/packages).
- [Charms](https://charm.sh/).
- ClickHouse.
This image is based in part on the [toolbx
image](https://github.com/toolbx-images/images) and my own
[workbench image](https://git.shore.co.il/shore/workbench).
dockerfiles-master/toolbx/preferences.d/ 0000775 0000000 0000000 00000000000 14600010636 0020667 5 ustar 00root root 0000000 0000000 dockerfiles-master/toolbx/preferences.d/cloudposse 0000664 0000000 0000000 00000000102 14600010636 0022763 0 ustar 00root root 0000000 0000000 Package: *
Pin: release o=https://cloudsmith.io
Pin-Priority: 400
dockerfiles-master/toolbx/preferences.d/unstable 0000664 0000000 0000000 00000000064 14600010636 0022427 0 ustar 00root root 0000000 0000000 Package: *
Pin: release a=unstable
Pin-Priority: 99
dockerfiles-master/toolbx/sources.d/ 0000775 0000000 0000000 00000000000 14600010636 0020051 5 ustar 00root root 0000000 0000000 dockerfiles-master/toolbx/sources.d/charm.sources 0000664 0000000 0000000 00000000154 14600010636 0022550 0 ustar 00root root 0000000 0000000 Types: deb
URIs:https://repo.charm.sh/apt/
Suites: *
Components: *
Signed-By: /usr/share/keyrings/charm.gpg
dockerfiles-master/toolbx/sources.d/clickhouse.sources 0000664 0000000 0000000 00000000203 14600010636 0023602 0 ustar 00root root 0000000 0000000 Types: deb
URIs: https://packages.clickhouse.com/deb
Suites: stable
Components: main
Signed-By: /usr/share/keyrings/clickhouse.gpg
dockerfiles-master/toolbx/sources.d/cloudposse.sources 0000664 0000000 0000000 00000000253 14600010636 0023636 0 ustar 00root root 0000000 0000000 Types: deb deb-src
URIs: https://dl.cloudsmith.io/public/cloudposse/packages/deb/debian
Suites: any-version
Components: main
Signed-By: /usr/share/keyrings/cloudposse.gpg
dockerfiles-master/toolbx/sources.d/google-cloud.sources 0000664 0000000 0000000 00000000212 14600010636 0024031 0 ustar 00root root 0000000 0000000 Types: deb
URIs: https://packages.cloud.google.com/apt
Suites: cloud-sdk
Components: main
Signed-By: /usr/share/keyrings/google-cloud.gpg
dockerfiles-master/toolbx/sources.d/hashicorp.sources 0000664 0000000 0000000 00000000201 14600010636 0023427 0 ustar 00root root 0000000 0000000 Types: deb
URIs: https://apt.releases.hashicorp.com
Suites: buster
Components: main
Signed-By: /usr/share/keyrings/hashicorp.gpg
dockerfiles-master/toolbx/sources.d/mongodb.sources 0000664 0000000 0000000 00000000220 14600010636 0023075 0 ustar 00root root 0000000 0000000 Types: deb
URIs: https://repo.mongodb.org/apt/debian
Suites: buster/mongodb-org/5.0
Components: main
Signed-By: /usr/share/keyrings/mongodb.gpg
dockerfiles-master/toolbx/sources.d/opentofu.sources 0000664 0000000 0000000 00000000223 14600010636 0023312 0 ustar 00root root 0000000 0000000 Types: deb deb-src
URIs: https://packages.opentofu.org/opentofu/tofu/any/
Suites: any
Components: main
Signed-By: /usr/share/keyrings/opentofu.gpg
dockerfiles-master/toolbx/sources.d/unstable.sources 0000664 0000000 0000000 00000000212 14600010636 0023266 0 ustar 00root root 0000000 0000000 Types: deb
URIs: http://deb.debian.org/debian
Suites: unstable
Components: main
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
dockerfiles-master/webdav/ 0000775 0000000 0000000 00000000000 14600010636 0016105 5 ustar 00root root 0000000 0000000 dockerfiles-master/webdav/.dockerignore 0000664 0000000 0000000 00000000045 14600010636 0020560 0 ustar 00root root 0000000 0000000 *
!webdav.conf
!webdav-readonly.conf
dockerfiles-master/webdav/Dockerfile 0000664 0000000 0000000 00000000610 14600010636 0020074 0 ustar 00root root 0000000 0000000 # hadolint ignore=DL3006
FROM registry.shore.co.il/httpd
# Enabling modules and creating the share needs root; the image switches back
# to www-data before it ends.
USER root
# The share root is created root-owned with group www-data and mode 750, so
# the server can read and traverse it but not write to it.
RUN a2enmod dav && \
a2enmod dav_fs && \
a2enmod dav_lock && \
install -d -m 750 -o root -g www-data /var/www/webdav && \
rm -rf /tmp/* /var/tmp/*
# Both snippets are root-owned; webdav-readonly.conf is the one that limits
# the allowed request methods.
COPY --chown=root:root webdav.conf /etc/apache2/conf-enabled/
COPY --chown=root:root webdav-readonly.conf /etc/apache2/conf-enabled/
USER www-data
# Syntax-check the Apache configuration so a broken snippet fails the build.
RUN apache2 -t
dockerfiles-master/webdav/README.md 0000664 0000000 0000000 00000001022 14600010636 0017357 0 ustar 00root root 0000000 0000000 # WebDAV container image
Apache2 with WebDAV enabled and configured.
## Usage
The directory that is shared is `/var/www/webdav`, so mount something there.
```
docker run -v '/mnt/foo:/var/www/webdav' -p 80:80 registry.shore.co.il/webdav
```
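This image allows read-only access by default. Neither `webdav.conf` nor
`webdav-readonly.conf` configures authentication, so restrict access to a
writable instance by other means. If you want to allow writes, build your own
image and delete `/etc/apache2/conf-enabled/webdav-readonly.conf` like so: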
```
FROM registry.shore.co.il/webdav
USER root
RUN rm /etc/apache2/conf-enabled/webdav-readonly.conf
USER www-data
```
dockerfiles-master/webdav/webdav-readonly.conf 0000664 0000000 0000000 00000000142 14600010636 0022034 0 ustar 00root root 0000000 0000000 # vim: ft=apache
Require method GET OPTIONS PROPFIND
dockerfiles-master/webdav/webdav.conf 0000664 0000000 0000000 00000000167 14600010636 0020230 0 ustar 00root root 0000000 0000000 # vim: ft=apache
Alias /webdav /var/www/webdav
RedirectMatch "^/$" /webdav
Dav On
dockerfiles-master/workbench/ 0000775 0000000 0000000 00000000000 14600010636 0016617 5 ustar 00root root 0000000 0000000 dockerfiles-master/workbench/.dockerignore 0000664 0000000 0000000 00000000036 14600010636 0021272 0 ustar 00root root 0000000 0000000 *
!bash_completion.d/*
!bin/*
dockerfiles-master/workbench/Dockerfile 0000664 0000000 0000000 00000024441 14600010636 0020616 0 ustar 00root root 0000000 0000000 # hadolint global ignore=DL4001
# hadolint ignore=DL3007
FROM registry.shore.co.il/toolbx:latest
# bash with pipefail, so a failing download in a `curl ... | tar` or
# `wget ... | awk` pipeline fails the build; -x traces each command into the
# build log.
SHELL ["/bin/bash", "-o", "pipefail", "-xc"]
# The pipx and Go binary directories come before the system directories.
ENV PATH /opt/pipx/bin:/usr/local/lib/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# Distribution packages plus two .deb files downloaded at build time.
# NOTE(review): the kompose and session-manager-plugin packages are local
# files, so apt installs them as root without a repository signature check,
# and no checksum is compared here. The session-manager-plugin URL points at
# `latest`, so its content can differ between builds; consider pinning a
# version and verifying a published digest before the install.
# The SSH host keys under /etc/ssh are deleted at the end, presumably so that
# keys generated while installing the SSH server are not shared by every
# container started from this image.
# hadolint ignore=DL3008
RUN apt-get update && \
curl "https://github.com/kubernetes/kompose/releases/download/v1.26.1/kompose_1.26.1_$(dpkg --print-architecture).deb" --output /tmp/kompose.deb && \
curl https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb --output /tmp/session-manager-plugin.deb && \
DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
/tmp/kompose.deb \
/tmp/session-manager-plugin.deb \
adb \
apache2-utils \
aspell-he \
at \
aws-vault \
bash-completion \
bats \
bc \
build-essential \
bundler \
bzr \
ca-certificates \
clickhouse-client \
cmake \
composer \
consul=1.16.4-1 \
curl \
dbus-x11 \
default-jdk-headless \
devscripts \
direnv \
dirmngr \
dnsutils \
docker.io \
dos2unix \
easy-rsa \
entr \
expect \
flatpak \
flatpak-builder \
flatpak-xdg-utils \
fuse3 \
gdal-bin \
gettext-base \
gh \
gir1.2-glib-2.0 \
gir1.2-ostree-1.0 \
git \
gnupg \
go-md2man \
gobjc++ \
golang \
gomplate \
google-cloud-cli-skaffold \
google-cloud-sdk \
gpgv \
helm \
hugo \
hunspell \
hunspell-he \
hyphen-en-us \
ipcalc \
iproute2 \
iputils-ping \
iputils-tracepath \
jp \
jq \
keyutils \
kops \
krb5-config \
kubectl \
ldap-utils \
less \
libbz2-dev \
libcairo2-dev \
libcap2-bin \
libdbus-1-dev \
libgirepository1.0-dev \
liblcms2-dev \
libldap2-dev \
liblzma-dev \
libmariadb-dev \
libncursesw5-dev \
libnotify-bin \
libpq-dev \
libproj-dev \
libprotobuf-dev \
libreadline-dev \
libsasl2-dev \
libsecret-tools \
libsqlite3-dev \
libwebp-dev \
libxml2-dev \
libxmlsec1-dev \
libyaml-dev \
llvm \
lsof \
lz4 \
man-db \
mariadb-client \
mat2 \
mercurial \
meson \
minikube \
mongodb-database-tools \
mythes-en-us \
netcat-openbsd \
nodejs \
npm \
ostree \
packer=1.9.5-1 \
php-cli \
pigz \
plocate \
postgresql-client \
protobuf-compiler \
python3-dev \
python3-pip \
python3-venv \
rclone \
redis-tools \
rename \
reprepro \
rsync \
ruby-dev \
sharutils \
shellcheck \
signify-openbsd \
skopeo \
sops \
subversion \
sudo \
swaks \
systemd \
task-english \
task-hebrew \
task-ssh-server \
telnet \
terraform=1.5.7-1 \
time \
tk-dev \
tmux \
tnftp \
tofu \
tree \
ttyrec \
udftools \
unzip \
vagrant=2.3.7-1 \
vault=1.14.8-1 \
vcdimager \
vim-nox \
w3m-img \
wget \
whois \
xauth \
xdg-user-dirs \
zip \
&& \
rm /etc/ssh/ssh_host_* && \
rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
ENV PIPX_HOME /opt/pipx
ENV PIPX_BIN_DIR /opt/pipx/bin
# Python tooling installed into the system interpreter as root
# (--break-system-packages), plus two applications installed with pipx.
# NOTE(review): apart from the two constraints written to PIP_CONSTRAINT,
# every package resolves to whatever is newest at build time, and aws-cli is
# built from the head of the `v2` branch archive. For reproducible and
# verifiable builds consider a pinned requirements file used with pip's
# `--require-hashes`.
# hadolint ignore=DL3013
RUN export PIP_CONSTRAINT=/tmp/constraint.txt && \
echo 'resolvelib==0.5.4' > "$PIP_CONSTRAINT" && \
echo 'Cython < 3.0' >> "$PIP_CONSTRAINT" && \
python3 -m pip install --no-cache-dir --break-system-packages \
https://github.com/aws/aws-cli/archive/refs/heads/v2.zip \
Glances \
PyGObject \
PyMySQL \
ansible \
ansible-runner \
awslogs \
bcrypt \
black \
boto \
boto3 \
bump2version \
check-manifest \
colorama \
cookiecutter \
cryptography \
dnspython \
docker \
fabric \
flit \
github3.py \
gunicorn \
hashin \
httpbin \
httpie \
identify \
importlab \
invoke \
iredis \
khal \
khard \
litecli \
magic-wormhole \
mycli \
netaddr \
opensearch-py[async] \
paramiko \
parse \
passhole \
passlib \
pgcli \
pip-tools \
pipenv \
pipx \
poetry \
pre-commit \
protobuf \
psycopg2 \
pur \
pygments \
pymongo \
pyopenssl \
'python-gitlab[autocompletion,yaml]' \
python-hcl2 \
pyxdg \
redis \
remarshal \
requests \
rich-cli \
sdbus-notifications \
sh \
sqlite-utils \
template \
terraformation \
todoman \
tox \
transmission-rpc \
ziglang \
&& \
pipx install chalice && \
pipx install curator-opensearch && \
rm -rf /tmp/* /var/tmp/* ~/.cache/*
# Global npm tools, installed as root.
# NOTE(review): no versions are pinned (DL3016 is ignored), so each build
# takes the newest release of these packages and of their dependencies.
# The chown resets the ownership of the modules bundled with @bitwarden/cli to
# root, presumably because the package ships them with another owner.
# hadolint ignore=DL3016
RUN npm install --global \
@bitwarden/cli \
@playwright/test \
corepack \
&& \
chown -R root:root /usr/local/lib/node_modules/@bitwarden/cli/node_modules/ && \
rm -rf /tmp/* /var/tmp/* ~/.cache/*
# Go tools built from source into /usr/local/lib/go/bin, which is on PATH.
# NOTE(review): every module except mysqldump-loader is requested as
# `@latest`, so the code that gets compiled into the image changes whenever
# upstream publishes a release; pinning explicit versions makes the build
# reproducible and reviewable.
RUN export GOPATH=/usr/local/lib/go && \
mkdir "$GOPATH" && \
export GO111MODULE=on && \
go install github.com/1player/host-spawn@latest && \
go install github.com/aquaproj/aqua/v2/cmd/aqua@latest && \
go install github.com/giantswarm/semver-bump@latest && \
go install github.com/hashicorp/envconsul@latest && \
go install github.com/kaorimatz/mysqldump-loader@v0.4.1 && \
go install github.com/kvz/json2hcl@latest && \
go install github.com/lucagrulla/cw@latest && \
go install github.com/nektos/act@latest && \
go install github.com/nishanths/license/v5@latest && \
go install github.com/spelufo/on-change@latest && \
go install golang.org/x/tools/cmd/gonew@latest && \
go install sigs.k8s.io/kustomize/kustomize/v5@latest && \
rm -rf /tmp/* /var/tmp/* ~/.cache/*
# Stand-alone executables and two source trees, downloaded with curl and
# installed straight from the download stream.
# NOTE(review): nothing downloaded here is compared with a checksum or
# signature before it is installed as an executable. Most URLs name a release
# version, but the pkgx URL is unversioned and the better-adb-sync and asdf
# archives are the heads of their `master` branches, so their content can
# change between builds. asdf.sh is linked into /etc/profile.d. Consider
# pinning tags or commits and verifying published digests.
# NOTE(review): HTTPS-only transfers depend on the curl defaults in root's
# ~/.curlrc coming from the base image; confirm it is present there.
# hadolint ignore=SC2263
RUN install -m 0755 <(curl https://raw.githubusercontent.com/rabbitmq/rabbitmq-server/v3.12.6/deps/rabbitmq_management/bin/rabbitmqadmin) /usr/local/bin/rabbitmqadmin && \
install -m 0755 <(curl "https://github.com/docker/compose/releases/download/v2.22.0/docker-compose-linux-$(uname -m)") /usr/local/bin/docker-compose && \
install -m 0755 <(curl "https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-$(go env GOOS)-$(go env GOARCH)") /usr/local/bin/reg && \
install -m 0755 <(curl "https://github.com/rancher/rke/releases/download/v1.4.10/rke_$(go env GOOS)-$(go env GOARCH)") /usr/local/bin/rke && \
install -m 0755 <(curl "https://pkgx.sh/Linux/$(uname -m)") /usr/local/bin/pkgx && \
mkdir /usr/local/share/bfg && \
install <(curl 'https://repo1.maven.org/maven2/com/madgag/bfg/1.14.0/bfg-1.14.0.jar') /usr/local/share/bfg/bfg.jar && \
curl https://github.com/SelfAdjointOperator/better-adb-sync/archive/refs/heads/master.tar.gz | tar -zxC /opt/ && \
ln --symbolic /opt/better-adb-sync-master/src/adbsync.py /usr/local/bin/adbsync && \
curl https://github.com/asdf-vm/asdf/archive/refs/heads/master.tar.gz | tar -zxC /opt/ && \
ln --symbolic --target /etc/profile.d/ /opt/asdf-master/asdf.sh && \
echo "export PATH=$PIPX_BIN_DIR:/usr/local/lib/go/bin:\$PATH" > /etc/profile.d/workbench.sh && \
rm -rf /tmp/* /var/tmp/* ~/.cache/*
# Bash completion scripts: generated by the installed tools where they support
# it, downloaded with wget otherwise.
# NOTE(review): files in /etc/bash_completion.d are shell code that
# bash-completion loads into interactive shells. The packer and podman scripts
# are fetched from the `master` and `main` branches, so their content is
# whatever upstream holds at build time; pinning a tag or commit (as the
# docker-compose, molecule and yarn URLs already do) keeps them reviewable.
RUN _PIPENV_COMPLETE=bash_source pipenv > /etc/bash_completion.d/pipenv && \
rabbitmqadmin --bash-completion > /etc/bash_completion.d/rabbitmqadmin && \
poetry completions bash > /etc/bash_completion.d/poetry && \
register-python-argcomplete gitlab > /etc/bash_completion.d/gitlab && \
register-python-argcomplete pipx -s bash > /etc/bash_completion.d/pipx && \
invoke --print-completion-script bash > /etc/bash_completion.d/invoke && \
fab --print-completion-script bash > /etc/bash_completion.d/fabric && \
helm completion bash > /etc/bash_completion.d/helm && \
semver-bump completion bash > /etc/bash_completion.d/semver-bump && \
kompose completion bash > /etc/bash_completion.d/kompose && \
skaffold completion bash > /etc/bash_completion.d/skaffold && \
kustomize completion bash > /etc/bash_completion.d/kustomize && \
wget https://raw.githubusercontent.com/docker/compose/1.29.2/contrib/completion/bash/docker-compose -qO /etc/bash_completion.d/docker-compose && \
wget https://raw.githubusercontent.com/ansible-community/molecule/1.25.1/asset/bash_completion/molecule.bash-completion.sh -qO /etc/bash_completion.d/molecule && \
wget https://github.com/mrolli/packer-bash-completion/raw/master/packer -qO /etc/bash_completion.d/packer && \
wget https://raw.githubusercontent.com/dsifford/yarn-completion/v0.17.0/yarn-completion.bash -qO /etc/bash_completion.d/yarn && \
wget https://github.com/containers/podman/raw/main/completions/bash/podman -qO /etc/bash_completion.d/podman && \
#wget https://raw.githubusercontent.com/ziglang/shell-completions/master/_zig -qO /etc/bash_completion.d/zig && \
ln --symbolic /opt/asdf-master/completions/asdf.bash /etc/bash_completion.d/asdf && \
rm -rf /tmp/* /var/tmp/* ~/.cache/*
# Download the RDS CA bundle, write each certificate to its own
# rds-<N>.crt file (numbering starts at 2) and add them to the system trust
# store with update-ca-certificates.
# NOTE(review): this extends the image-wide set of trusted CAs with whatever
# the URL serves at build time; checking the bundle against a known digest
# before update-ca-certificates would make that explicit.
RUN mkdir -p /usr/local/share/ca-certificates && \
wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem -qO - | \
awk '/-----BEGIN[A-Z0-9 ]*CERTIFICATE-----/ {n++} n > 0 {print > ("/usr/local/share/ca-certificates/rds-" (1+n) ".crt")}' && \
update-ca-certificates && \
# pragma: allowlist nextline secret
rm -rf /tmp/* /var/tmp/* ~/.cache/*
# Repository-provided completion scripts and wrapper commands, root-owned.
COPY --chown=root:root bash_completion.d/* /etc/bash_completion.d/
COPY --chown=root:root bin/* /usr/local/bin/
# Matches the directory the asdf archive is extracted to under /opt.
ENV ASDF_DIR /opt/asdf-master
VOLUME /run/sshd
CMD ["/bin/bash"]
dockerfiles-master/workbench/README.md 0000664 0000000 0000000 00000000354 14600010636 0020100 0 ustar 00root root 0000000 0000000 # Workbench
A Docker image for a portable working environment, meant to be used with
[Toolbox](https://github.com/containers/toolbox).
## Usage
```
toolbox create --registry registry.shore.co.il/workbench
toolbox enter workbench
```
dockerfiles-master/workbench/bash_completion.d/ 0000775 0000000 0000000 00000000000 14600010636 0022207 5 ustar 00root root 0000000 0000000 dockerfiles-master/workbench/bash_completion.d/aws 0000664 0000000 0000000 00000000057 14600010636 0022726 0 ustar 00root root 0000000 0000000 # vim: ft=bash
complete -C 'aws_completer' aws
dockerfiles-master/workbench/bash_completion.d/pre-commit 0000664 0000000 0000000 00000000771 14600010636 0024213 0 ustar 00root root 0000000 0000000 # vim: ft=bash
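_pre_commit () {
    # Bash completion for pre-commit: offer the global options when the word
    # being completed starts with "-", and the sub-command names otherwise.
    # `commands` is declared local as well, so completing does not leave a
    # global variable behind in the user's interactive shell.
    local cur prev words cword opts commands
    # Provided by bash-completion; fills in cur/prev/words/cword.
    _init_completion || return
    opts='-h --help -V --version'
    commands='autoupdate clean gc init-templatedir install install-hooks migrate-config run sample-config try-repo uninstall validate-config validate-manifest help hook-impl'
    if [[ $cur == -* ]]
    then
        COMPREPLY=($(compgen -W "$opts" -- "$cur"))
    else
        COMPREPLY=($(compgen -W "$commands" -- "$cur"))
    fi
}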
complete -F _pre_commit pre-commit
dockerfiles-master/workbench/bash_completion.d/sops 0000664 0000000 0000000 00000000773 14600010636 0023125 0 ustar 00root root 0000000 0000000 _cli_bash_autocomplete() {
if [[ "${COMP_WORDS[0]}" != "source" ]]; then
local cur opts base
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
if [[ "$cur" == "-"* ]]; then
opts=$( ${COMP_WORDS[@]:0:$COMP_CWORD} ${cur} --generate-bash-completion )
else
opts=$( ${COMP_WORDS[@]:0:$COMP_CWORD} --generate-bash-completion )
fi
COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
return 0
fi
}
complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete sops
dockerfiles-master/workbench/bash_completion.d/terraform 0000664 0000000 0000000 00000000057 14600010636 0024135 0 ustar 00root root 0000000 0000000 # vim: ft=bash
complete -C terraform terraform
dockerfiles-master/workbench/bash_completion.d/vault 0000664 0000000 0000000 00000000047 14600010636 0023266 0 ustar 00root root 0000000 0000000 # vim: ft=bash
complete -C vault vault
dockerfiles-master/workbench/bin/ 0000775 0000000 0000000 00000000000 14600010636 0017367 5 ustar 00root root 0000000 0000000 dockerfiles-master/workbench/bin/bfg 0000775 0000000 0000000 00000000104 14600010636 0020046 0 ustar 00root root 0000000 0000000 #!/bin/sh
set -eu
exec java -jar /usr/local/share/bfg/bfg.jar "$@"
dockerfiles-master/workbench/bin/gnome-open 0000775 0000000 0000000 00000000035 14600010636 0021357 0 ustar 00root root 0000000 0000000 #!/bin/sh
exec gio open "$@"
dockerfiles-master/workbench/bin/gpg2 0000775 0000000 0000000 00000000030 14600010636 0020145 0 ustar 00root root 0000000 0000000 #!/bin/sh
exec gpg "$@"
dockerfiles-master/workbench/bin/zig 0000775 0000000 0000000 00000000047 14600010636 0020107 0 ustar 00root root 0000000 0000000 #!/bin/sh
exec python3 -m ziglang "$@"
dockerfiles-master/youtube-dl/ 0000775 0000000 0000000 00000000000 14600010636 0016726 5 ustar 00root root 0000000 0000000 dockerfiles-master/youtube-dl/.dockerignore 0000664 0000000 0000000 00000000002 14600010636 0021372 0 ustar 00root root 0000000 0000000 *
dockerfiles-master/youtube-dl/Dockerfile 0000664 0000000 0000000 00000000632 14600010636 0020721 0 ustar 00root root 0000000 0000000 # hadolint ignore=DL3007
FROM registry.shore.co.il/toolbx:latest
# Recommended packages are installed on purpose here (no
# --no-install-recommends, hence the DL3015 exception); package versions are
# not pinned.
# hadolint ignore=DL3008,DL3015
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y \
ffmpeg \
libavcodec-extra \
libavfilter-extra \
libavformat-extra \
yt-dlp \
&& \
rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
# This Dockerfile sets no USER, so run the container with an explicit
# `-u uid:gid` to keep the downloader from running as the image's default user.
ENTRYPOINT ["/usr/bin/yt-dlp"]
dockerfiles-master/youtube-dl/README.md 0000664 0000000 0000000 00000000327 14600010636 0020207 0 ustar 00root root 0000000 0000000 # youtube-dl
Container image that has youtube-dl and the recommended utilities from Debian.
## Usage
```
docker run -it --rm -u "$(id -u):$(id -g)" -v "$PWD:$PWD" -w "$PWD" registry.shore.co.il/youtube-dl -h
```